• Supported Platforms
• M Series
• MX Series
• T Series

• Related Topics
• Physical Interface Policers Configuration
• show interfaces (Gigabit Ethernet) command in the Junos Interfaces Command Reference
• show interfaces statistics command in the Junos Interfaces Command Reference
• show policer command in the Junos Routing Protocols and Policies Command Reference

Configuring a Single-Rate Three-Color Policer

You can apply a single-rate three-color policer to the input or output interface.

To configure a single-rate three-color policer:

1. Configure the policer.
   [edit firewall three-color-policer policer2]user@host# set single-rate color-awareuser@host# set single-rate committed-information-rate 40muser@host# set single-rate committed-burst-size 100kuser@host# set single-rate excess-burst-size 200k

   For three-color policers, the only configurable action is to discard red packets. Red packets are packets that have been assigned high loss priority because they exceeded the excess burst size (EBS).

   [edit firewall three-color-policer srTCM1-ca]user@host# set action loss-priority high then discard
2. Configure the policer type.
   [edit firewall policer policer1]user@host# set logical-interface-policer

   Instead of logical-interface-policer, you can use physical-interface-policer. Physical interface policers are for policers that you reference in firewall filters.

3. (Optional) Reference the policer in a firewall filter, for all traffic types or for a specific traffic type.
   [edit firewall]user@host# set filter limit-hosts term term1 then three-color-policer single-rate srTCM1-ca
   [edit firewall]user@host# set family mpls filter limit-hosts term term1 then three-color-policer single-rate srTCM1-ca
4. Apply the policer to an interface.

   If you referenced the policer in a firewall filter, apply the filter to an interface.

   [edit interfaces so-1/0/0 unit 0 family inet]user@host# set filter input srTCM1-ca

   On some platforms, you can apply a Layer 2 policer to all traffic types on Gigabit Ethernet (ge or xe) interfaces. Layer 2 policers must include the logical-interface-policer statement discussed in Step 2.

   [edit interfaces ge-1/0/0 unit 0]user@host# set layer2-policer input-three-color srTCM1-ca

   To apply a policer to outgoing packets, include the output-three-color statement instead of the input-policer statement.

   [edit interfaces ge-1/0/0 unit 0]user@host# set layer2-policer output-three-color srTCM1-ca
5. For input policers on MX Series platforms only, configure a fixed classifier.

   A fixed classifier reclassifies all incoming packets, regardless of any preexisting classification.

   [edit class-of-service interfaces ge-0/0/0]user@host# set forwarding-class af

   The classifier name can be a configured classifier or one of the default classifiers.

6. Verify that the policer is working as expected.
   user@host> show interfaces ge-0/0/0.0 detailuser@host> show interfaces ge-0/0/0.0 statistics detailuser@host> show policer